Re: [OAUTH-WG] WGLC on Assertion Drafts
"Zeltsan, Zachary (Zachary)" <zachary.zeltsan@alcatel-lucent.com> Thu, 05 April 2012 20:33 UTC
Hello,

The draft http://tools.ietf.org/html/draft-ietf-oauth-assertions-01, section 6.1 has the following requirement:

  The Authorization Server MUST validate the assertion in order to establish a mapping between the Issuer and the secret used to generate the assertion.

I thought that checking a signature is a part of the assertion validation, which cannot be done without knowing the mapping between the issuer and the secret used to generate the assertion.

It appears that the quoted text requires validation of the assertion prior to checking the signature. What am I missing?

Zachary

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Tschofenig, Hannes (NSN - FI/Espoo)
Sent: Thursday, April 05, 2012 10:47 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] WGLC on Assertion Drafts

Hi all,

this is a Last Call for comments on these three documents:

http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-10
http://tools.ietf.org/html/draft-ietf-oauth-assertions-01
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02

Please have your comments in no later than April 23rd.

Do remember to send a note in if you have read the document and have no other comments other than "it's ready to go" - we need those as much as we need "I found a problem".

Thanks!

Hannes & Derek
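The ordering question raised in this message, shown as an added example that is not part of the original message or of the draft: a validator that reads the issuer from the still-unverified assertion only to select a secret, checks the signature with that secret, and trusts the remaining claims only afterwards. The assertion format (base64 JSON payload plus HMAC-SHA256 tag), the registry, the issuer and audience URLs and all function names are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed registry: issuer -> shared secret (hypothetical values).
ISSUER_SECRETS = {"https://idp.example": b"constructed-demo-secret"}

class InvalidAssertion(Exception):
    pass

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def make_assertion(claims: dict, secret: bytes) -> str:
    """Issuer side: payload and HMAC-SHA256 tag, joined by a dot."""
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def validate_assertion(assertion: str, audience: str, now: float) -> dict:
    try:
        payload_b64, tag_b64 = assertion.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        unverified = json.loads(payload)
        issuer = unverified["iss"]
    except (ValueError, KeyError, TypeError) as exc:
        raise InvalidAssertion("malformed assertion") from exc
    # Step 1: the unverified issuer is used only to select a secret.
    secret = ISSUER_SECRETS.get(issuer) if isinstance(issuer, str) else None
    if secret is None:
        raise InvalidAssertion("unknown issuer")
    # Step 2: the signature check binds the payload to that issuer's secret.
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise InvalidAssertion("bad signature")
    # Step 3: only now are the remaining claims trusted and checked.
    if unverified.get("aud") != audience or unverified.get("exp", 0) <= now:
        raise InvalidAssertion("wrong audience or expired")
    return unverified
```
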